<p>Uwe Hermann - tor (http://www.hermann-uwe.de/taxonomy/term/566/0)</p>
<h1><a href="http://www.hermann-uwe.de/blog/dear-virus-worm-rootkit-botnet-writer">Dear virus/worm/rootkit/botnet writer...</a></h1>
<p>...next time you write such a piece of malware, how about making it do something <em>useful</em> (instead of nefarious) for a change, say, have your botnet zombies become <a href="http://www.torproject.org/">Tor</a> exit nodes? kthxbye.</p>
<p>Posted by Uwe Hermann on Sat, 16 Aug 2008 21:39:58 +0200.</p>
<h1><a href="http://www.hermann-uwe.de/blog/donations-for-a-good-cause">Donations for a good cause</a></h1>
<p>You still got some money left after buying all those Christmas presents? How about donating some of it for a good cause:</p>
<ul>
<li>
<p><a href="http://wikimediafoundation.org/wiki/Fundraising">Wikipedia</a></p>
<blockquote><p>
Wikipedia is entering 2007 as one of the 10 most visited websites in the world. That's a great proof of our success. However, with this success comes a new set of challenges and responsibilities. As we plan for the future of Wikipedia and all of the Wikimedia projects, our two most important goals now are the reliability of our content and the long-term sustainability of every project in which we are involved.</p>
<p>To meet these goals we have a lot of work to do, so I am asking for your help. In the coming year, the Wikimedia Foundation anticipates dramatically increasing spending to keep up with server and traffic capacity demands, add new staff on the organizational level, improve our software and develop methods to better ensure high quality content, all while <strong>making progress toward our goal of giving free knowledge to everyone</strong>.
</p></blockquote>
<p> -- Florence Devouard, Chair of the Wikimedia Foundation</p>
</li>
<li>
<p><a href="http://creativecommons.org/support/">Creative Commons</a></p>
<blockquote><p>
It's once again time to show your support for Creative Commons. Digital technologies are connecting people in ways that were never before possible – but that network is fragile. Creative Commons needs your support to help enable a participatory culture – a culture in which everyone can actively engage in the creativity that surrounds us. We need your support to assure access to cultural, scientific, and educational content that has been pre-cleared for use by its authors.
</p></blockquote>
</li>
<li>
<p><a href="http://www.fsf.org/">Free Software Foundation (FSF)</a></p>
<blockquote><p>
Freedom is more precious than anything else we have and we need to protect it while we still can.
</p></blockquote>
<p> -- Eben Moglen in his <a href="http://gplv3.fsf.org/static/FSF_Eben_Moglen_Appeal.ogg">FSF year end video appeal</a> (OGG, 24 MB)</p>
</li>
<li>
<p><a href="http://www.eff.org/support/">Electronic Frontier Foundation (EFF)</a></p>
<blockquote><p>
EFF is a nonprofit group of passionate people — lawyers, technologists, volunteers, and visionaries — working to protect your digital rights.
</p></blockquote>
</li>
<li>
<p><a href="http://tor.eff.org/donate.html.en">Tor: anonymity online</a></p>
<blockquote><p>
Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and other applications that use the TCP protocol. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features.
</p></blockquote>
</li>
</ul>
<p>Or how about some organizations not directly related to Free Culture or Free Software?</p>
<ul>
<li>
<p><a href="http://web.amnesty.org/pages/donate_now">Amnesty International (AI)</a></p>
<blockquote><p>
Amnesty International (AI) is a worldwide movement of people who campaign for internationally recognized human rights. AI’s vision is of a world in which every person enjoys all of the human rights enshrined in the Universal Declaration of Human Rights and other international human rights standards.
</p></blockquote>
</li>
<li>
<p><a href="http://www.redcross.org/donate/donate.html">Red Cross</a></p>
<blockquote><p>
The International Red Cross (and Red Crescent Movement) is an international humanitarian movement whose stated mission is to protect human life and health, to ensure respect for the human being, and to prevent and alleviate human suffering, without any discrimination based on nationality, race, religious beliefs, class or political opinions.
</p></blockquote>
</li>
</ul>
<p>Posted by Uwe Hermann on Mon, 25 Dec 2006 00:51:26 +0100.</p>
<h1><a href="http://www.hermann-uwe.de/blog/scatterchat-secure-anonymous-free-cross-platform-instant-messaging-client">ScatterChat - secure, anonymous, free, cross-platform Instant Messaging client</a></h1>
<p><a href="http://www.scatterchat.com">ScatterChat</a> is a new cross-platform <a href="http://en.wikipedia.org/wiki/Instant_messaging">IM</a> client announced by the <a href="http://www.cultdeadcow.com/">Cult of the Dead Cow</a> / <a href="http://hacktivismo.com/">Hacktivismo</a> (during the <a href="http://www.hopenumbersix.net/">HOPE</a> conference, it seems).</p>
<p>From the website:</p>
<blockquote><p>
ScatterChat is a HACKTIVIST WEAPON designed to allow non-technical human rights activists and political dissidents to communicate securely and anonymously while operating in hostile territory. It is also useful in corporate settings, or in other situations where privacy is desired.</p>
<p>It is a secure instant messaging client (based upon the <a href="http://gaim.sourceforge.net/">Gaim</a> software) that provides end-to-end encryption, integrated onion-routing with <a href="http://tor.eff.org/">Tor</a>, secure file transfers, and easy-to-read documentation.</p>
<p>Its security features include resiliency against partial compromise through <a href="http://en.wikipedia.org/wiki/Perfect_forward_secrecy">perfect forward secrecy</a>, immunity from <a href="http://en.wikipedia.org/wiki/Replay_attack">replay attacks</a>, and limited resistance to <a href="http://en.wikipedia.org/wiki/Traffic_analysis">traffic analysis</a>... all reinforced through a pro-actively secure design.
</p></blockquote>
<p>So the client is a "friendly-fork" of Gaim, it uses Tor to achieve anonymity, and for the crypto parts (secure messaging, secure file transfer) ScatterChat uses <a href="http://directory.fsf.org/security/libgcrypt.html">libgcrypt</a>.</p>
<p>It's a cross-platform application available for Linux and Windows; support for other OSes (Mac OS X, others) is planned.</p>
<p>You can always <a href="http://scatterchat.com/download.html">download</a> the source code, of course, as it's free software. Actually, not quite. Since ScatterChat itself is based on the GPL'd Gaim, it has to be GPL'd, too. However, the scatterchat-module package, which seems to contain the crypto parts, is licensed under a custom "Hacktivismo Enhanced-Source Software License Agreement" (HESSLA) right now, which is so horribly long I didn't even bother reading it.</p>
<p>However, the README says:</p>
<blockquote><p>
I am open to the possibility of re-licensing parts of this library to GPL, BSD, public domain, or some other license. I cannot make any promises, but I will try to accommodate reasonable requests.
</p></blockquote>
<p>I'm going to do just that, email <a href="http://www.scatterchat.com/contact.html">the author</a> and ask him nicely to change the license to some sane, well-known free software license. If you feel similarly, please let the author know (hint, hint). Depending on what the HESSLA really says, it might prevent ScatterChat from entering Debian, for example.</p>
<p>I haven't yet tried to use the application, but it sure looks like it has a lot of potential. It also seems to do most security-related things right:</p>
<ul>
<li>it doesn't try to reinvent/reimplement its own crypto primitives (which would be doomed to fail), but rather uses libgcrypt</li>
<li>it has a <a href="http://scatterchat.com/docs/crypto_protocol.txt">documented crypto protocol</a></li>
<li>it's free software, which is a major requirement (see <a href="http://en.wikipedia.org/wiki/Kerckhoffs%27_principle">Kerckhoffs' principle</a>)</li>
<li>it doesn't reinvent the wheel, but rather uses Tor for anonymity (for example)</li>
<li>etc. etc.</li>
</ul>
<p>Of course that's no guarantee that it's secure; I hope some crypto-gurus look over it soon. But at least they didn't make obvious stupid mistakes we've all seen in many other pieces of software.</p>
<p>Anyways, I feel this is a really important project which will help lots of people (activists, political dissidents, normal people like me and you who value their privacy). Go check it out!</p>
<p>(via <a href="http://www.boingboing.net/2006/07/22/scatterchat_anonymou.html">Boing Boing</a>)</p>
<p>Posted by Uwe Hermann on Sun, 23 Jul 2006 00:58:12 +0200.</p>
<h1><a href="http://www.hermann-uwe.de/blog/anonymous-google-earth-over-tor">Anonymous Google Earth over Tor</a></h1>
<p>I'm probably not the first one to notice this, but you can actually use <a href="http://earth.google.com/">Google Earth</a> anonymously (upon first glance at least) over <a href="http://tor.eff.org/">Tor</a>. It seems all the traffic (downloads of maps and textures etc.) goes over port 80 (http) and 443 (https), which can easily be anonymized with Tor (read <a href="http://www.hermann-uwe.de/blog/howto-anonymous-communication-with-tor-some-hints-and-some-pitfalls">an older post of mine</a> for details on Tor).</p>
<p>Just type</p>
<pre>
export http_proxy=http://127.0.0.1:8118/
export HTTP_PROXY=http://127.0.0.1:8118/
</pre><p>and set up Privoxy and Tor correctly, then start Google Earth in the same xterm and you're done. I haven't looked closely at the protocol Google Earth uses (any articles available on that?) but upon a quick glance in <a href="http://www.wireshark.org/">Ethereal / Wireshark</a> all traffic is torified, not even DNS requests are leaked. Technical explanation: the Google Earth binary uses <a href="http://curl.haxx.se/libcurl/">libcurl</a> internally, which honors the <code>http_proxy</code> environment variable.</p>
<p>However, that's not a guarantee that you're 100% anonymous, as Google Earth could send some unique identifier (e.g. MAC address, hard drive ID etc.) to their servers which would spoil your anonymity.</p>
<p>Btw, I actually discovered this accidentally because I have the above HTTP_PROXY lines in my <code>.bashrc</code>, so most of my HTTP traffic is anonymized by default...</p>
<p>Posted by Uwe Hermann on Mon, 17 Jul 2006 00:16:03 +0200.</p>
<h1><a href="http://www.hermann-uwe.de/blog/howto-anonymous-communication-with-tor-some-hints-and-some-pitfalls">HOWTO: Anonymous communication with Tor - some hints and some pitfalls [Update]</a></h1>
<p><strong style="color: #ff0000">Warning:</strong> Very long post ahead. You have been warned!</p>
<h2>What?</h2>
<p><a href="http://tor.eff.org/">Tor</a> is a Free Software project (revised BSD license), developed by <a href="http://freehaven.net/~arma/">Roger Dingledine</a> and <a href="http://www.wangafu.net/~nickm/">Nick Mathewson</a>, that creates an infrastructure for anonymous TCP communication.</p>
<p>From the project website:</p>
<blockquote><p>
Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and other applications that use the TCP protocol. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features.</p>
<p>Tor aims to defend against traffic analysis, a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security. Communications are bounced around a distributed network of servers called onion routers, protecting you from websites that build profiles of your interests, local eavesdroppers that read your data or learn what sites you visit, and even the onion routers themselves.
</p></blockquote>
<p>Tor also allows you to set up and/or use a so-called <a href="http://tor.eff.org/cvs/tor/doc/tor-hidden-service.html">Tor hidden service</a>, i.e., a server that offers some service (a website, ssh access, or similar) without revealing its IP to its users.</p>
<h2>Why?</h2>
<p>Why would you want to use Tor? Well, because you probably don't want <em>anybody</em> (neither state agencies, nor companies, nor "hackers", nor any other individuals or groups) to be able to record, analyze, and (ab)use information about your web browsing habits, or any other communication habits. For instance, you don't want Google to <a href="http://news.com.com/2100-1025_3-6034666.html?part=rss&amp;tag=6034666&amp;subj=news">have a complete search-profile of you</a>, which &mdash; even worse &mdash; might some day get in the hands of other parties. In the days of massive <a href="http://en.wikipedia.org/wiki/Data_retention">data retention</a> you don't want all your electronic traces to be recorded, stored for ages, analyzed, and data-mined for dubious reasons and with even more dubious results and false conclusions drawn that might negatively affect you. If you're a human rights activist in China, you want anonymous communication. If you're a <a href="http://en.wikipedia.org/wiki/Whistleblower">whistleblower</a>, you want anonymous communication. The list is endless.</p>
<p>For securing your communications, so that nobody is able to sniff your emails, your chat messages, your passwords, your private documents and conversations, you use encryption. For communicating <em>anonymously</em> you can use Tor. Combine both, and you have secure and anonymous communication.</p>
<p>In case you're wondering whether criminals might abuse Tor, read the <a href="http://tor.eff.org/faq-abuse.html.en">Tor Abuse FAQ</a>. Short answer: yes, but if you're willing to break the law, you already <em>have</em> anonymity (open access points, stolen/prepaid mobile phones, etc.). You don't need Tor to do bad things if you're a criminal.</p>
<p>If you're one of those horrible "oh, but I don't have anything to hide" guys, consider this: Say you have a drug/alcohol problem and want to visit an anti-drugs/anti-alcohol website or forum for help. Would you want the whole world, your neighbors, your co-workers, your boss, to know that, or would you rather want to keep that a secret? Say you have AIDS and want to get information on the web? Or, to make the example even more dramatic: Would you want some random guys to be able to watch you while you fuck your wife? No? So you <em>have</em> something to hide after all, right?</p>
<p>My point is: <em>Everyone</em> has something to hide, even more, it is a <em>basic human right</em> to have the ability to hide something. It's called privacy. </p>
<h2>How?</h2>
<p>Tor implements a form of <a href="http://en.wikipedia.org/wiki/Onion_routing">onion routing</a> to, basically, push encrypted data through multiple Tor nodes (servers), before it reaches the final destination (e.g. a website). The result is that neither the website owner, nor a local eavesdropper, nor any single Tor server knows who requested that specific website, hence you are communicating anonymously. For more technical details, read the <a href="http://tor.eff.org/overview.html.en">Tor overview</a> and the <a href="http://tor.eff.org/documentation.html.en">Tor documentation</a> pages.</p>
<p>In order to use Tor, you have to install and run a local Tor client/daemon (this is <em>not</em> necessarily a Tor server!). On Debian, type <code>apt-get install tor</code>, on other systems you can <a href="http://tor.eff.org/download.html.en">get the respective binary packages or download the sources</a> and compile Tor yourself.</p>
<p>Usually Tor is used together with <a href="http://en.wikipedia.org/wiki/Privoxy">Privoxy</a>, a configurable HTTP proxy that sanitizes your web-browsing experience by removing nasty banner ads, pop-ups, JavaScript, webbugs, cookies etc. etc. So: <code>apt-get install privoxy</code>.</p>
<p>After installing and starting Tor and Privoxy, you can now configure your webbrowser to use Privoxy as an HTTP proxy (see below), and Privoxy will in turn use Tor to anonymize your communication if you add <code>forward-socks4a / localhost:9050 .</code> to your <em>/etc/privoxy/config</em>.</p>
<h2>Anonymizing various applications</h2>
<p>Most (but not all) of the following information is also covered in the very useful <a href="http://wiki.noreply.org/noreply/TheOnionRouter/TorifyHOWTO">Torify HOWTO</a> in the Tor wiki (I will add the missing information there, ASAP). As I'm pretty paranoid, I have checked every single one of these configurations with <a href="http://www.ethereal.com/">Ethereal</a> to ensure that the traffic is <em>really</em> anonymized. However, if <em>you</em> are paranoid, you shouldn't trust me, but rather test this stuff for yourself!</p>
<p><strong style="color: #ff0000">Warning: DNS Leaks</strong>:<br />
The biggest problem with many applications is that they <em>leak DNS requests</em>. That is, although they use Tor to anonymize the traffic, they first send a DNS request <em>untorified</em> in order to get the IP address of the target system. <em>Then</em> they communicate "anonymously" with that target. The problem: any eavesdropper with more than three brain cells can conclude what website you visited, if they see that you send a DNS request for <a href="http://www.rsf.org">rsf.org</a>, followed by some "anonymous" Tor traffic. The solution: use Tor together with Privoxy, which prevents DNS leaks. Many non-HTTP-based applications are usually torified using a small tool called <code>torify</code> (e.g. by typing <code>torify fetchmail</code>), but often this approach has DNS leaking problems, see below.</p>
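<p>Whether a SOCKS client leaks DNS is visible in the bytes of its CONNECT request. The following Python sketch is an added example, not code from the original post or from the Tor project: it builds SOCKS4, SOCKS4a and SOCKS5 requests and reports whether the hostname travels to the proxy or was already resolved by the client. The function names and the address 192.0.2.10 are made up for illustration.</p>

```python
import ipaddress
import struct


def socks4_connect(ip, port, user_id=b""):
    """SOCKS4 CONNECT: carries only an IPv4 address, so the client has
    already resolved the name itself, outside of Tor."""
    header = struct.pack("!BBH", 4, 1, port)
    return header + ipaddress.IPv4Address(ip).packed + user_id + b"\x00"


def socks4a_connect(hostname, port, user_id=b""):
    """SOCKS4a CONNECT: the address field is the marker 0.0.0.1 and the
    hostname follows the user id, so the proxy (Tor) does the lookup."""
    header = struct.pack("!BBH", 4, 1, port)
    return (header + b"\x00\x00\x00\x01" + user_id + b"\x00"
            + hostname.encode("ascii") + b"\x00")


def socks5_connect(target, port):
    """SOCKS5 CONNECT request (sent after method negotiation). ATYP 0x03
    carries a hostname, ATYP 0x01 an already-resolved IPv4 address."""
    try:
        addr = b"\x01" + ipaddress.IPv4Address(target).packed
    except ipaddress.AddressValueError:
        name = target.encode("ascii")
        addr = b"\x03" + bytes([len(name)]) + name
    return b"\x05\x01\x00" + addr + struct.pack("!H", port)


def who_resolves(request):
    """Inspect a CONNECT request as the SOCKS server would see it.

    Returns (target, port, resolver). resolver is "proxy" when the
    hostname is inside the request, and "client" when only an IP is
    (the name was looked up locally, or the user typed an IP).
    """
    version = request[0]
    if version == 4:
        port = struct.unpack("!H", request[2:4])[0]
        ip, rest = request[4:8], request[8:]
        user_end = rest.index(b"\x00")
        # SOCKS4a marker: 0.0.0.x with x != 0
        if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:
            host_end = rest.index(b"\x00", user_end + 1)
            host = rest[user_end + 1:host_end].decode("ascii")
            return host, port, "proxy"
        return str(ipaddress.IPv4Address(ip)), port, "client"
    if version == 5:
        atyp = request[3]
        if atyp == 3:  # domain name, length-prefixed
            n = request[4]
            host = request[5:5 + n].decode("ascii")
            port = struct.unpack("!H", request[5 + n:7 + n])[0]
            return host, port, "proxy"
        if atyp == 1:  # IPv4 address
            port = struct.unpack("!H", request[8:10])[0]
            return str(ipaddress.IPv4Address(request[4:8])), port, "client"
        raise ValueError("address type not handled in this example")
    raise ValueError("not a SOCKS4/4a/5 CONNECT request")


if __name__ == "__main__":
    # Constructed sample requests; 192.0.2.10 is a documentation address.
    samples = {
        "SOCKS4 (IP only)": socks4_connect("192.0.2.10", 80),
        "SOCKS4a (hostname)": socks4a_connect("rsf.org", 80),
        "SOCKS5 with hostname": socks5_connect("rsf.org", 80),
        "SOCKS5 with IP": socks5_connect("192.0.2.10", 80),
    }
    for label, req in samples.items():
        print(label, req.hex(), who_resolves(req))
```

<p>This is why the Privoxy line above says <code>forward-socks4a</code> and the ssh example uses <code>SOCKS4A</code>: only requests that carry the hostname let Tor do the lookup.</p>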
<ul>
<li>
<p><strong>Webbrowser: Firefox, Mozilla, Galeon, Konqueror, ...</strong>:<br />
Most browsers can be torified by using Privoxy as an HTTP(S) proxy, i.e. using <code>127.0.0.1</code> as proxy host and <code>8118</code> as proxy port.<br />
For example, to torify <a href="http://www.mozilla.com/firefox/">Firefox</a> go to <em>Edit -> Preferences -> General -> Connection Settings -> Manual proxy configuration</em> and configure:<br />
<code>HTTP Proxy: 127.0.0.1 port 8118<br />
SSL Proxy: 127.0.0.1 port 8118<br />
FTP Proxy: 127.0.0.1 port 8118<br />
SOCKS v5<br />
</code><br />
For <a href="http://www.konqueror.org/">Konqueror</a>, go to <em>Settings -> Configure Konqueror -> Proxy -> Manually Specify the proxy settings -> Setup</em> and configure:<br />
<code>HTTP Proxy: 127.0.0.1 port 8118<br />
HTTPS Proxy: 127.0.0.1 port 8118<br />
FTP Proxy: 127.0.0.1 port 8118<br />
</code><br />
<strong style="color: #ff0000">Warning:</strong> Although Privoxy doesn't support FTP, you should configure the browser to use Tor + Privoxy for FTP. By doing that, you get an error message when you try to access <code>ftp://</code> URLs, but at least you don't send untorified traffic without noticing.<br />
<strong style="color: #ff0000">Warning:</strong> Firefox's "Live Bookmarks" (RSS feeds) are a problem if you switch from a torified to an untorified state sometimes (by switching or enabling/disabling the proxy). Firefox periodically requests all the feeds you're subscribed to. If you turn off Tor + Privoxy usage, they will be requested non-anonymously, <em>and you won't even notice it</em>! Solution: remove all "Live Bookmarks", or never switch to untorified browsing.</p>
</li>
<li>
<p><strong>HTTP-based tools: lynx, links, w3m, wget, curl, ...</strong>:<br />
Most other HTTP tools, such as <a href="http://www.gnu.org/software/wget/">wget</a>, can be torified by setting the respective values for the <code>http_proxy</code> and <code>HTTP_PROXY</code> environment variables. Applications that don't honor <code>http_proxy</code> probably have a configuration option to set the HTTP proxy.<br />
Add this to your <code>~/.bashrc</code> or similar config-file:<br />
<code>http_proxy=http://127.0.0.1:8118/<br />
HTTP_PROXY=$http_proxy<br />
export http_proxy HTTP_PROXY<br />
</code><br />
<strong style="color: #ff0000">Warning:</strong> <a href="http://artax.karlin.mff.cuni.cz/~mikulas/vyplody/links/">links</a> is a notable exception here. It does <em>not</em> honor the <code>http_proxy</code> environment variable! However, you can add <code>http_proxy 127.0.0.1:8118</code> to your <em>/etc/links.cfg</em> and/or to your <em>~/.links/links.cfg</em>. Or go to <em>Setup -> Network Options</em> and do the same there. Or use the <code>-http-proxy 127.0.0.1:8118</code> command line option.</p>
</li>
<li>
<p><strong>Instant Messaging: <a href="http://gaim.sourceforge.net/">Gaim</a></strong>:<br />
Go to <em>Preferences -> Network -> Proxy</em> and configure this:<br />
<code>Proxy type: Socks 5<br />
Host: 127.0.0.1<br />
Port: 9050<br />
</code><br />
Gaim doesn't seem to leak DNS requests.</p>
</li>
<li>
<p><strong>Debian: <a href="http://www.debian.org/doc/manuals/apt-howto/">Apt</a></strong>:<br />
Setting <code>http_proxy</code> is enough, as <code>apt-get</code> honors the <code>http_proxy</code> environment variable. But you can also add this line to your <em>/etc/apt/apt.conf</em>:<br />
<code>Acquire::http::Proxy "http://127.0.0.1:8118/";<br />
</code><br />
apt-get doesn't seem to leak DNS requests.<br />
<strong style="color: #ff0000">Warning:</strong> This will only work for deb/deb-src lines in <em>/etc/apt/sources.list</em> that use HTTP, because Privoxy does not support FTP.</p>
</li>
<li>
<p><strong>RSS-Reader: <a href="http://akregator.sourceforge.net/">Akregator</a></strong>:<br />
Which RSS feeds you are reading tells quite a lot about you, and it's probably information that some people or organizations would be very interested in, I imagine. So anonymizing your feed-reader is quite important, IMHO. Akregator (a KDE RSS-reader application) uses Konqueror internally, so if you have set Konqueror to use Tor + Privoxy as HTTP-proxy, Akregator is safe, too.<br />
Akregator doesn't seem to leak DNS requests.</p>
</li>
<li>
<p><strong>Podcast Client: <a href="http://juicereceiver.sourceforge.net/">iPodder/Juice</a></strong>:<br />
Go to <em>File -> Preferences -> Network settings</em> and configure this:<br />
<code>Use a proxy server: enable<br />
Address: http://127.0.0.1<br />
Port: 8118<br />
</code><br />
iPodder/Juice doesn't seem to leak DNS requests.</p>
</li>
<li>
<p><strong>Secure login: <a href="http://www.openssh.com/">ssh</a></strong>:<br />
In order to torify all your ssh communications (ssh, slogin, sftp, etc.), edit your <em>/etc/ssh/ssh_config</em> and/or <em>~/.ssh/config</em> and add:<br />
<code>Host *<br />
ProxyCommand socat STDIO SOCKS4A:127.0.0.1:%h:%p,socksport=9050<br />
</code><br />
This requires <a href="http://www.dest-unreach.org/socat/">socat</a>, so: <code>apt-get install socat</code>.<br />
ssh doesn't seem to leak DNS requests.<br />
<strong style="color: #ff0000">Warning:</strong> Simply using <code>torify ssh</code> does <em>not</em> suffice, it leaks DNS requests!</p>
</li>
<li>
<p><strong>Email: <a href="http://www.catb.org/~esr/fetchmail/">fetchmail</a></strong>:<br />
Properly torifying fetchmail is pretty ugly. Basically, <code>torify fetchmail</code> should be enough (one would think), but that leaks DNS requests! All tips offered in the <a href="http://wiki.noreply.org/noreply/TheOnionRouter/TorifyHOWTO#Fetchmail">Torify HOWTO</a> suffer from this problem. The ideal solution would be to use <code>tor-resolve</code> (a small utility that resolves DNS requests via the Tor network, and hence anonymously) before fetching the emails, but I haven't found a good and simple solution for that. What I do right now is to hardcode IP addresses in my <em>~/.fetchmailrc</em> config-file and then use <code>torify fetchmail</code>, which doesn't leak DNS requests. However, it leads to some ugly "<em>fetchmail: Server CommonName mismatch: foo.bar.com != xxx.xxx.xxx.xxx</em>" warnings.<br />
I always start fetchmail manually, often by clicking an icon in my <a href="http://www.icewm.org/">IceWM</a> toolbar. So I use the following line in my <em>~/.icewm/toolbar</em> config-file:<br />
<code>prog Fetchmail fetchmail xterm -e torify fetchmail<br />
</code><br />
Sometimes I invoke fetchmail from the command-line, too, so I have this alias in my <em>~/.bashrc</em>:<br />
<code>alias fetchmail='torify fetchmail'<br />
</code></p>
<p><strong style="color: #ff0000">Warning:</strong> Just for the record: <code>torify fetchmail</code> alone (i.e. used with hostnames in <em>~/.fetchmailrc</em>) does <em>not</em> suffice, it leaks DNS requests!</p>
</li>
<li>
<p><strong>IRC: <a href="http://www.xchat.org/">XChat</a></strong>:<br />
Go to <em>Settings -> Preferences -> Network -> Network setup -> Proxy server</em> and configure:<br />
<code>Hostname: 127.0.0.1<br />
Port: 9050<br />
Type: Socks5<br />
</code><br />
Then make sure you check the "Use a proxy server" checkbox in the preferences dialog of the IRC server you want to use.<br />
XChat doesn't leak DNS requests.</p>
</li>
</ul>
<p>You might also want to check out <a href="http://shellscripts.org/project/toraliases">toraliases</a>, a small shell script you can source from your <code>~/.bashrc</code> file. It defines some functions and aliases that transparently direct the traffic of some (but not all!) programs through Tor.</p>
<h2>Applications which cannot easily be torified</h2>
<p>Anything not using TCP usually cannot be torified, as Tor only works for TCP.</p>
<ul>
<li><strong>Non-TCP traffic from tools like ping, host, dig, nslookup, nmap, traceroute and lots more:</strong> as Tor only supports TCP, you're out of luck. However, you can safely use web-frontends such as <a href="http://www.dnsstuff.com/">dnsstuff.com</a> over Tor + Privoxy (if they don't block Tor users, that is).</li>
<li><strong>whois:</strong> Although <code>torify whois google.com</code> leaks the DNS request for the whois-server (in this case <em>whois.crsnic.net</em>), it doesn't seem to leak the host you wanted to look up. Can somebody confirm this? The safer method is to use a web-frontend, though.</li>
<li><strong>FTP:</strong> Although <code>torify ncftp</code> works, it leaks DNS requests! I haven't yet found a way to fix this (help is appreciated!). I also tried a few other FTP clients, without luck.</li>
<li><strong><a href="http://www.gnupg.org/">GnuPG</a></strong>: Using gpg anonymously <a href="http://wiki.noreply.org/noreply/TheOnionRouter/TorifyHOWTO#GnuPG">should work</a> by using a proper <code>http_proxy</code> environment variable and by using a hidden Tor server as keyserver.<br />
Add this to your <em>~/.gnupg/gpg.conf</em>:<br />
<code>keyserver x-hkp://yod73zr3y6wnm2sw.onion<br />
keyserver-options honor-http-proxy broken-http-proxy<br />
</code><br />
This works in theory. However, I noticed a problem: while <code>gpg --recv-keys</code> seems to work fine, <code>gpg --refresh-keys</code> leaks DNS requests! It seems GnuPG hard-codes the keyserver to <em>keyserver.pgp.com</em> in that case and leaks the DNS request for this domain name.
</li>
<li><strong>Sending email (SMTP):</strong> Not sure how to do this with Tor. Many Tor nodes block SMTP by default. A better solution is probably <a href="http://mixmaster.sourceforge.net/">Mixmaster</a>/<a href="http://mixminion.net/">Mixminion</a>.</li>
<li><strong>CVS, svn, Bittorrent/<a href="http://azureus.sourceforge.net">Azureus</a> (<a href="http://azureus.sourceforge.net/doc/AnonBT/Tor/howto_0.5.htm">untested HOWTO</a>), usenet clients (pan, slrn), xmms:</strong> TODO. Haven't checked, yet.</li>
</ul>
<h2>Pitfalls to be aware of</h2>
<ul>
<li>Rule #1: <em>Don't spoil your anonymity by being stupid</em>!</li>
<li>IRC: Don't use nicks which hint at you, such as your real name, real-life nickname, acronyms which are known to "belong" to you or identify you. Don't use things like DCC that might reveal your real IP or real information about you. Disable all possibly "leaky" features/commands such as CTCP, VERSION requests, automatically accepting files from other IRC users, etc. etc.</li>
<li>Don't accidentally access Tor hidden server URLs in an untorified browser. For example, if you tried to access the fictitious hidden server <em>abc1234.onion</em>, this request would travel over the net unencrypted and untorified. An eavesdropper could sniff that, enable Tor on his computer, go to <em>abc1234.onion</em>, and would know what you wanted to look at.</li>
<li>Double-check that all applications you use don't leak DNS requests.</li>
<li>Do not only configure your <em>~/.foobarrc</em> config-files but also the config-files in <em>/etc</em>. Otherwise you might eventually use wget, ssh, lynx or other tools as root (instead of your normal, non-privileged user account) resulting in untorified traffic!</li>
<li>Disable all "check for updates automatically", "notify upon new release" and similar "phoning home" features in all your applications. Most such features are probably not Tor-safe, i.e. will send/receive untorified traffic. Some candidates are Firefox, Adobe Acrobat reader, Gaim, and others.</li>
<li>Never, <em>never</em>, think that Tor encrypts your traffic! <a href="https://tor.unixgu.ru/">It does not</a>! The person who runs a Tor exit node can easily sniff all plain-text traffic! Tor only anonymizes your traffic, but it can still be sniffed plain-text at the beginning and at the end of the onion route! So don't do any HTTP-auth, or plain-text password sending for e.g. POP3, telnet, and so on. Always use encryption in addition to Tor!</li>
<li>In general, spread only a minimum of information. Disable referrer sending (e.g. using Privoxy), disable cookies, kill webbugs (Privoxy), and so on.</li>
<li><a href="http://blog.crash-override.net/index.php/82">Watch your language</a>, especially in public forums or IRC. A linguist can probably easily figure out which country/region you're from if you speak/write broken English or use certain idioms or <a href="http://en.wikipedia.org/wiki/False_friends">false friends</a>. This might or might not be a problem for you, but it's something you should bear in mind.</li>
<li>If you're extra paranoid, you could set up your firewall to block all outgoing DNS traffic and force all applications to use Tor to resolve names. You could probably also block <em>all</em> outgoing non-Tor traffic...</li>
<li>Another good idea is probably carrying an <a href="http://theory.kaos.to/projects.html">Anonym.OS LiveCD</a> with you, so you can have (more) anonymous communication wherever you go.</li>
</ul>
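<p>One way to do the DNS double-check from the list above, as an added example (not part of the original post): capture traffic with <code>tcpdump -n</code> while the application runs, then pass the text output to this Python filter, which lists every DNS query sent to a non-loopback resolver. The capture lines embedded below are constructed sample input with made-up addresses.</p>

```python
import ipaddress
import re

# One DNS query line in "tcpdump -n" text output looks like:
#   <time> IP <src>.<sport> > <dst>.<dport>: <id>+ [flags] <TYPE>? <name>. (<len>)
QUERY = re.compile(
    r"IP6? (?P<src>\S+)\.(?P<sport>\d+) > "
    r"(?P<dst>\S+)\.(?P<dport>\d+): "
    r"\d+\S* (?:\[\S+\] )?(?P<qtype>[A-Z0-9]+)\? (?P<name>\S+)"
)


def dns_leaks(lines):
    """Return (name, qtype, resolver) for every DNS query that left the host.

    Queries to a loopback address are skipped here. If a local caching
    resolver listens on 127.0.0.1 it still forwards upstream, so capture
    on the external interface to see those forwarded queries.
    """
    leaks = []
    for line in lines:
        m = QUERY.search(line)
        if not m or m.group("dport") != "53":
            continue  # not a DNS query (e.g. Tor relay traffic, DNS replies)
        if ipaddress.ip_address(m.group("dst")).is_loopback:
            continue
        leaks.append((m.group("name").rstrip("."),
                      m.group("qtype"),
                      m.group("dst")))
    return leaks


# Constructed sample capture: a leaked A query, its reply, Tor relay
# traffic, a loopback query, and a leaked query over IPv6.
CAPTURE = """\
10:00:01.000001 IP 192.168.1.5.41234 > 192.168.1.1.53: 4242+ A? www.rsf.org. (29)
10:00:01.050000 IP 192.168.1.1.53 > 192.168.1.5.41234: 4242 1/0/0 A 192.0.2.80 (45)
10:00:01.100000 IP 192.168.1.5.50412 > 198.51.100.7.9001: Flags [P.], seq 1:513, ack 1, win 502, length 512
10:00:02.000000 IP 127.0.0.1.40000 > 127.0.0.1.53: 7+ AAAA? example.org. (29)
10:00:03.000000 IP6 2001:db8::5.40001 > 2001:db8::53.53: 99+ [1au] AAAA? whois.crsnic.net. (45)
""".splitlines()


if __name__ == "__main__":
    for name, qtype, resolver in dns_leaks(CAPTURE):
        print(f"LEAK: {qtype} query for {name} sent to {resolver}")
```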
<h2>More information</h2>
<p>More information is available in the <a href="http://tor.eff.org/documentation.html.en">Tor documentation</a>, the <a href="http://wiki.noreply.org/noreply/TheOnionRouter">Tor wiki</a>, and especially in the <a href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ">Tor FAQ</a>. In addition, there's an IRC channel on Freenode (<strong>#tor</strong>), some <a href="http://freehaven.net/~arma/wth1.pdf">slides</a> and a <a href="http://rehash.waag.org/WTH/wth-anonymous-communication-58.mp4.torrent">video (torrent)</a> about Tor you might find interesting. If you would like to help, you can <a href="http://tor.eff.org/cvs/tor/doc/tor-doc-server.html">run a Tor server</a>, <a href="http://tor.eff.org/donate.html.en">donate some money</a>, or <a href="http://tor.eff.org/volunteer.html.en">volunteer</a> to do other things (code, debug, document, translate, and more).</p>
<p>That's it for now. I'm very grateful for comments and suggestions, especially for hints on how to anonymize more applications. Also, if you notice any dumb mistakes I made, please <a href="http://www.hermann-uwe.de/comment/reply/810#comment">leave a comment</a>.</p>
<p><strong style="color: #ff0000">Update 2006-03-07:</strong> Fixed typos, added link to the <a href="http://shellscripts.org/project/toraliases">toraliases</a> project (thanks <a href="http://www.crash-override.net/">Benjamin Schieder</a>).<br />
<strong style="color: #ff0000">Update 2006-03-10:</strong> Fixed a whole bunch of grammar errors, thanks <a href="http://afs.eecs.harvard.edu/~goodell">Geoffrey Lewis Goodell</a> for the patch!</p>
<p>Posted by Uwe Hermann on Mon, 06 Mar 2006 10:20:45 +0100.</p>
<h1><a href="http://www.hermann-uwe.de/blog/better-browsing-using-privoxy">Better browsing using Privoxy</a></h1>
<p>I've been a happy <a href="http://www.privoxy.org/">Privoxy</a> user for quite some time now. I can really recommend it to anybody who wants to get rid of all the nasty stuff floating around on the web these days. From the Privoxy homepage:</p>
<blockquote><p>
Privoxy is a web proxy with advanced filtering capabilities for protecting privacy, modifying web page content, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk.
</p></blockquote>
<p>The most useful feature for me is that it automatically removes almost all of those ugly flash-based ad banners. </p>
<p>My todo list:</p>
<ul>
<li>Fine tune the filters for my needs. I'm currently using the stock Debian package of Privoxy, without any customizations.</li>
<li>Check out <a href="http://www.neilvandyke.org/privoxy-rules/">Neil van Dyke's privoxy rules</a> which filter even more nasty stuff.</li>
<li>Check out the combination of Privoxy and <a href="http://en.wikipedia.org/wiki/Tor_%28anonymous_network%29">Tor</a> for anonymous browsing.</li>
</ul>
<p>Posted by Uwe Hermann on Tue, 11 Oct 2005 14:49:32 +0200.</p>